<?php
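// Refuse to run unless the including script has defined IN_INDEX, so the
// page cannot be used as a standalone entry point.
if(!defined('IN_INDEX'))
{
	// printError() is not declared in this file.
	// NOTE(review): if it is only loaded by the front controller, a direct
	// request would stop on an "undefined function" fatal instead of this
	// guard, and that fatal can disclose the script path when display_errors
	// is on. The plain fallback below avoids depending on it.
	if(function_exists('printError'))
	{
		printError("ACCESS DENIED", "This page is hidden.");
	}
	else
	{
		if(!headers_sent())
		{
			header('HTTP/1.1 403 Forbidden');
		}
		echo "ACCESS DENIED";
	}
	exit;
}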
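// Visitors without a valid session are sent to the login page. The exit
// after the redirect is what actually keeps the message from being rendered:
// the redirect itself is client-side script and can simply be ignored.
if(!checkSession())
{
	// Declared conditionally, so guard against a redeclaration fatal if this
	// file (or another page defining the same helper) is included twice.
	if(!function_exists('redirect'))
	{
		/**
		 * Emit an inline script that navigates the browser to $url.
		 *
		 * The URL is serialised with json_encode() and the JSON_HEX_* flags so
		 * that quotes, angle brackets and ampersands in it cannot terminate the
		 * string literal or the surrounding <script> element.
		 *
		 * @param string $url Target location.
		 * @return void
		 */
		function redirect($url)
		{
			$js_url = json_encode((string) $url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
			if($js_url === false)
			{
				// Encoding failed (e.g. invalid UTF-8): emit an empty string
				// literal rather than broken script.
				$js_url = '""';
			}
			?>
				<script type="text/javascript">
					{
					window.location = <?php echo $js_url; ?>;
					}
				</script>
			<?php
		}
	}
	redirect("index.php?action=login");
	exit;
}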

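// Date formats taken from the site configuration.
$dateformat = $CONFIG['date_format'];
$dateformat_long = $CONFIG['date_format_long'];

// Load the requested private message. Only a scalar pid is accepted, so an
// array-valued parameter (pid[]=...) never reaches getPM().
// NOTE(review): the raw request value is handed to getPM(); confirm that
// getPM() binds or escapes it before it is used in a query.
if(isset($_REQUEST['pid']) && is_scalar($_REQUEST['pid']))
{
	$PM_MSG = getPM($_REQUEST['pid']);
}
else
{
	printError('FETCH PM ERROR', 'Could not fetch the requested PM');
	// Stop this page here: everything below reads $PM_MSG, which was never
	// assigned on this path. return hands control back to the including
	// script so it can still finish the layout.
	return;
}
// A pid that matches no message is deliberately not reported here: it falls
// through to the ownership check further down and gets the same response as
// a message owned by someone else, so message ids cannot be probed.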
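// Flag the message as read the first time its recipient opens it. The sender
// viewing their own sent message does not change the flag.
if($PM_MSG['is_read'] == 0 && $USER->getId() == $PM_MSG['to_id'])
{
	// NOTE(review): pm_id is presumably an integer key — confirm. The cast
	// keeps anything non-numeric out of the concatenated statement; prefer
	// parameter binding if the DB layer offers it.
	$sql = "UPDATE " . PM_TABLE . " SET pm_is_read='1' WHERE pm_id='" . (int) $PM_MSG['id'] . "'";

	if(!$result = $db->sql_query($sql))
	{
		// The original passed the statement text to mysql_error(), which
		// expects a link resource, so no driver message could come back.
		// Driver errors also do not belong in the page: record the failure
		// server-side and show the visitor a generic message.
		error_log('pm_show: could not mark private message ' . (int) $PM_MSG['id'] . ' as read');
		printError("SQL ERROR", "Could not update the message status.");
	}
}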

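//Security Check
// Only the sender or the recipient may see the message; anyone else is sent
// back to their own inbox by the else branch at the bottom.
// NOTE(review): the comparisons are loose (==). If getPM() found no row,
// to_id/from_id evaluate to null, which equals a user id of 0 or '' — confirm
// that a valid session never carries an empty id.
// NOTE(review): $PM_MSG['subject'], $PM_MSG['from'], $PM_MSG['body'] and the
// viewer's first/last name are echoed below without encoding (the subject
// also inside a single-quoted title attribute). Confirm that getPM() and the
// user object return HTML-encoded values; if they do not, this is stored
// cross-site scripting and each echo needs
// htmlspecialchars(..., ENT_QUOTES, 'UTF-8') or, for the body, an allow-list
// sanitiser.
if($PM_MSG['to_id'] == $USER->getId() || $PM_MSG['from_id'] == $USER->getId())
{
	// pid comes straight from the request, so it is percent-encoded before it
	// is written into a link. The stored ids get the same treatment, which
	// leaves numeric ids unchanged.
	$pm_show_pid = rawurlencode((string) $_REQUEST['pid']);
	$pm_show_reply_id = rawurlencode((string) $PM_MSG['id']);
	$pm_show_sender_id = rawurlencode((string) $PM_MSG['from_id']);
?>
<div id='postpath'>
		<a title="<?php echo translate('gotofrontpage'); ?>" href="index.php"><?php echo translate('home'); ?></a>
        &gt; <a href="index.php?action=blogs" title='<?php echo translate('showallblogs'); ?>'><?php echo translate('blog'); ?></a> 
		&gt; <a href="index.php?action=profile&id=<?php echo $USER->getId(); ?>"><?php echo ucf($USER->getFirstname()) . " " . ucf($USER->getLastname()); ?></a>
        &gt; <a href="index.php?action=profile&sub=pm" title='<?php echo translate('pm'); ?>'><?php echo translate('pm'); ?></a> 
        &gt; <a href="index.php?action=profile&sub=pm_show&pid=<?php echo $pm_show_pid; ?>" title='<?php echo $PM_MSG['subject']; ?>'><?php echo $PM_MSG['subject']; ?></a>
</div>

<br />
<h2><?php echo $PM_MSG['subject']; ?></h2>
<br />
<form method="post" action="index.php?action=profile&sub=pm_new&reply=<?php echo $pm_show_reply_id; ?>">

	<table border="0" width="100%" cellpadding="5" cellspacing="0" style="border-top:solid thin; border-left:solid thin; border-right:solid thin; border-bottom:solid thin;">
    <tr>
    <td width="70" valign="top">
    <?php 
    // Look the avatar up once and reuse the result.
    $pm_show_avatar = selectAvatarPath($PM_MSG['from_id']);
    $pm_show_has_thumb = false;
    if($pm_show_avatar != "")
    {
        $profile_pic_path = $CONFIG['user_data_path'] . $PM_MSG['from_id'] . "/thumbs_" . $pm_show_avatar;
        $pm_show_has_thumb = file_exists($profile_pic_path);
    }

    if($pm_show_has_thumb)
    {
        // The avatar file name is part of the path, so the path is encoded
        // before it goes into the src attribute.
        echo "<a href='index.php?action=profile&amp;id=" . $pm_show_sender_id . "'><img src=\"" . htmlspecialchars($profile_pic_path, ENT_QUOTES, 'UTF-8') . "\" alt=\"" . translate('profile_picture') . "\" class=\"profile_picture\" /></a>\n";
    }
    else
    {
        // No avatar set, or its thumbnail is missing on disk. The original
        // printed the raw path into the page in the second case, exposing the
        // storage layout; the placeholder picture is shown instead.
        // NOTE(review): the placeholder is picked from $USER (the viewer),
        // not from the sender of the message — looks unintended, confirm.
        if($USER->getGender() == "female")
        {
            echo "<a href='index.php?action=profile&amp;id=" . $pm_show_sender_id . "'><img src=\"" . $CONFIG['user_data_path'] . "profile_female.gif\" height='60px' width='60px' alt=\"" . translate('profile_picture') . "\" class=\"profile_picture\" /></a>\n";
        }
        else
        {
            echo "<a href='index.php?action=profile&amp;id=" . $pm_show_sender_id . "'><img src=\"" . $CONFIG['user_data_path'] . "profile_male.gif\" height='60px' width='60px' alt=\"" . translate('profile_picture') . "\" class=\"profile_picture\" /></a>\n";
        }
    }
    ?>
    </td>
    <td valign="top">
	<?php echo "<a style='color:#555555;' href=\"index.php?action=profile&id=" . $pm_show_sender_id . "\"><b>" . $PM_MSG['from'] . "</b></a> - " . formatDate($PM_MSG['date'], $dateformat_long); ?><br /><br />

	<?php echo $PM_MSG['body']; ?>
	</td>
    </tr>
    </table>
    <br />
	<input type="submit" name="pm_reply_submit" style="font-weight:bold;" value=" <?php echo translate('reply'); ?> " />
</form>
<?php
}
//Redirect to inbox when someone tries to read other person messages
else
{
	// The attributes were run together ("refresh"content=); a space is
	// required between them for the tag to be well-formed.
	echo "<meta http-equiv=\"refresh\" content=\"0;url=index.php?action=profile&sub=pm\">";
}
?>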
